Investigators are zeroing in on several hackers in their hunt for the vandals who jammed Yahoo and other major Web sites last week.

FBI investigators hope to soon interview a hacker in Germany named Mixter, who is believed to have written Tribe Flood Network, one of the programs used in the attacks.

Mixter has denied any involvement in the attacks and told ZDNet yesterday that he would talk to the FBI via phone and give the agency technical advice. "I want the attacker to be catched."

In the past week, the FBI and independent computer security experts have been scouring computer logs, studying network traffic and monitoring Internet chat rooms in a massive effort to find the culprits who blocked millions of Internet users from reaching several popular Web sites.

Stanford University security experts said they have uncovered five separate pieces of evidence pointing to a single suspect, possibly a hacker known as Coolio. They said they turned over all the evidence to the FBI.

David Brumley, a Stanford security officer, said some of the best clues came from monitoring an Internet chat system, called Internet Relay Chat. Many hackers are known to hang out in some of the chat rooms, which are popular in colleges and among some longtime Net users. Many of the conversations that Brumley recorded came from a chat room called goonies, which has since been shut down.

Brumley said he had intercepted one conversation in which the suspect had asked his friends to name a site "they really hated" so he could attack it. The friends replied: "Ebay." About 30 minutes later, attackers overwhelmed eBay with requests for data so

that legitimate users couldn't get through.

In this case, the attackers used a router and other machines connected to the Internet at Stanford's marine biology research center in Monterey to intensify their attack on eBay. Stanford security officer Stephen Hansen said the college couldn't trace the attack because the vandals forged the return addresses on their commands.

Joel de la Garza, a Palo Alto computer security consultant who works with Brumley, identified the suspect as a high school dropout who became a relatively advanced programmer by studying on his own.

In a separate interview, de la Garza said the hacker goes by the name of "Coolio," lives in the Midwest and was responsible for hijacking RSA Security's Web site on Sunday. RSA is a security firm that claimed last week to have developed a tool to foil attacks like the one ones on Yahoo and eBay last week. De la Garza, who works for Securify, predicted an arrest could come in a week.

But another security expert, Michael Lyle, chief technical officer of Recourse Technology in Palo Alto, insists that a 15-year-old Canadian hacker named "Mafiaboy" was involved in some of the later attacks. A New York Times report said he lives in Toronto.

Lyle says Mafiaboy is a copycat, unconnected to the original attack on Yahoo. The main piece of evidence, Lyle said, is talk on the Internet that Mafiaboy identified several of the targets just before they were attacked. He also said the hacker seemed to have information that only insiders would know.

Though Lyle said he has seen dozens of hackers claim credit for the attacks, he insisted Mafiaboy is "the only credible source."

Lyle also said the evidence clearly indicates that different groups of hackers were involved because the attackers did not use the same approach in all the attacks.

But Brumley and other experts remained skeptical of Mafiaboy's involvement. Space Rogue, a full-time security consultant best known for his involvement with the L0pht hacker group in Cambridge, Mass, called the talk groundless.

And Hansen, the Stanford security officer, was more cautious. He said investigators can't be sure that multiple groups were involved, because one group would still likely have access to multiple software programs. He also noted that no one immediately claimed credit for the attacks, and many of the people who started bragging after the vandalism gained heavy news coverage appear to be bogus.

"This thing is hot enough that people might who might ordinarily brag about doing it don't dare," Hansen said.

FBI agents are also scouring computers in Portland, Ore., and at several California universities, including Stanford and the University of California campuses in Santa Barbara and Los Angeles. But there is no indication so far that anyone at the universities was involved directly in the attack, FBI sources said. Lyle said investigators hope to trace the attacks to other computers used in the attack.

Today, President Clinton also plans to meet with as many as two dozen executives of computer and Internet companies to develop ways to combat computer crime.